package com._101aiot.auth.config;

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * SpringSecurity配置
 * 不要忘了还需要配置Spring Security，允许获取公钥接口的访问；
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 放行资源
     *
     * @param http HttpSecurity
     * @throws Exception 异常
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 所有请求必须认证通过
        http.authorizeRequests()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
                // 放行下边的路径
                .antMatchers("/rsa/publicKey",
                        // 放行swagger3， 此处放行其实没有意义，因为它不公开任何接口
//                        "/v3/api-docs",
//                        "/swagger-resources",
//                        "/swagger-resources/**",
//                        "/configuration/ui",
//                        "/configuration/security",
//                        "/swagger-ui/**",
//                        "/swagger-ui/**/**",
//                        "/swagger-ui/index.html/**",
//                        "/webjars/**",

                        "/actuator/**",
                        "/v3/api-docs",
                        "/doc.html",
                        "/webjars/**",
                        "/favicon.ico",
                        "/swagger-resources/**"
                ).permitAll()//任何请求
                .anyRequest()
                //都需要身份认证
                .authenticated()
                //csrf跨站请求
                .and()
                .csrf().disable();
    }

    /**
     * 不用认证就可以访问的地址
     * 系统虽然集成了SpringSecurity，但是我在测试的时候不想走过滤器链，那么可以在SecurityConfig设置忽略
     * @param web WebSecurity
     */
    @Override
    public void configure(WebSecurity web) {
        // 忽略权限授权接口
        web.ignoring()
                // 登录、登出、jwt获取接口
                .antMatchers("/user/login", "/user/logout", "/user/jwt");
    }


    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {

        return super.authenticationManagerBean();
    }

    /**
     * BCryptPasswordEncoder 随机盐加密，，提供加密解密方法
     * @return PasswordEncoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {

        return new BCryptPasswordEncoder();
    }

//    // 测试BCryptPasswordEncoder 加密解密，随机盐
//    public static void main(String[] args) {
//
//
//
//        String password = "123456";
//
//        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
//        for (int i=0;i<10; i++) {
//            // 加密
//            String encode = bCryptPasswordEncoder.encode(password);
//            System.out.println("加密的密码：" + encode);
//            // 解密
//            boolean b = bCryptPasswordEncoder.matches(password, encode);
//            System.out.println("是否正确：" + b);
//        }
//
//    }

}
